pybind11 extension

Project description

external_proc python module

External process memory manager

Installation

Ensure you have Python 3.8 or later.

pip install external_proc
or
pip install git+https://github.com/bananasss00/external_proc.git

Usage examples

More examples are in the 'tests' directory.

Open/Close process

from external_proc import *

p = ExtProcess.open(PROCESS_NAME or PROCESS_ID)
p.close()
### or ###
with ExtProcess.ctx_open(PROCESS_NAME or PROCESS_ID) as p:
  pass

Read/Write values

with ExtProcess.ctx_open(process_name) as p:
  # write
  p.write.list_bytes(address, [0x90, 0x90])
  p.write.bytes(address, b'\x90\x90')
  p.write.str(address, 'string')
  p.write.wstr(address, 'unicode string')
  p.write.uint8(address, 1)
  p.write.uint16(address, 1)
  p.write.uint32(address, 1)
  p.write.uint64(address, 1)
  p.write.int8(address, -1)
  p.write.int16(address, -1)
  p.write.int32(address, -1)
  p.write.int64(address, -1)
  p.write.float(address, 0.01)
  p.write.double(address, 0.01)
  # read
  v = p.read.list_bytes(address, BYTES_COUNT)
  v = p.read.bytes(address, BYTES_COUNT)
  v = p.read.str(address, MAX_BYTES_COUNT) # read string up to the first \x00
  v = p.read.wstr(address, MAX_BYTES_COUNT) # read string up to the first \x00
  v = p.read.uint8(address) # unsigned 1 byte value
  v = p.read.uint16(address) # unsigned 2 byte value
  v = p.read.uint32(address) # unsigned 4 byte value
  v = p.read.uint64(address) # unsigned 8 byte value
  v = p.read.int8(address) # signed 1 byte value
  v = p.read.int16(address) # signed 2 byte value
  v = p.read.int32(address) # signed 4 byte value
  v = p.read.int64(address) # signed 8 byte value
  v = p.read.float(address) # 4 byte
  v = p.read.double(address) # 8 byte

Pointers

# Pointer types:
#   ListBytes
#   Bytes
#   Str
#   Wstr
#   Uint8
#   Uint16
#   Uint32
#   Uint64
#   Int8
#   Int16
#   Int32
#   Int64
#   Float
#   Double
#   Invalid
ptr = p.make_ptr(address, PtrType.Int32)
address = ptr.get_address() # return current address
ptr.set_value(333)
value = ptr.get_value()

# get address from multilevel pointers
ptr = p.make_ptr(0x6426E0, core.PtrType.Uint32)\
            .go_ptr(0xC)\
            .go_ptr(0x14)\
            .go_ptr()\
            .go_ptr(0x18)

# PtrTypes: ListBytes, Bytes, Str, Wstr
#   require additional argument
#   for get_value(BYTES_COUNT or MAX_BYTES_COUNT for strings)

Simple dll injector x32/x64

import os
from external_proc import *

with ExtProcess.ctx_open(process_name) as p:
  dll_path = os.path.abspath('lib.dll')
  # address of LoadLibraryA, resolved for the bitness of the opened process
  loadlib_func = get_proc_address('kernel32', 'LoadLibraryA', x64=p.is_x64_process())
  param = p.alloc()
  p.write.str(param, dll_path)
  with p.ctx_create_thread(loadlib_func, param, wait_thread=True) as th_id:
      pass

Signature scanner. IDA Style

exe_module = p.get_module()
client_module = p.get_module('client.dll')

# .text:00428873 8D 4D F0          lea ecx, [ebp+var_10]
# .text:00428876 E8 05 4E FE FF    call 0x40D680

# E8 ? ? ? ? matches the instruction 'call 0x40D680' with its 4-byte operand wildcarded
signature = "8D 4D F0 E8 ? ? ? ?"

# equivalent to find_pattern(signature) + 3
sig_in_all_module: Ptr = client_module.find_pattern(signature, add_offset=3)
sig_in_code_section: Ptr = client_module.section('.text').find_pattern(signature, 3)

# to resolve the relative offset of the call instruction to its target address, simply do this
adr = sig_in_code_section.go_call_ptr().get_address()
# the same works for jmp, je and similar instructions: .go_jmp_ptr(), .go_jmp_short_ptr()
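
What the wildcard match and the call-target resolution above compute, as an added pure-Python example that is not part of external_proc: the function names mirror the README's for readability but are hypothetical, and the sample buffer is constructed from the two disassembly lines in the comments above, with an assumed base address of 0x428870.

```python
import struct
from typing import List, Optional


def parse_signature(sig: str) -> List[Optional[int]]:
    """Turn an IDA-style signature into byte values, with None for wildcards."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in sig.split()]


def find_pattern(data: bytes, sig: str, add_offset: int = 0) -> int:
    """Return the offset of the first match plus add_offset, or -1 if absent."""
    pat = parse_signature(sig)
    if not pat:
        return -1
    for i in range(len(data) - len(pat) + 1):
        # A wildcard position matches any byte; every other position must be equal.
        if all(b is None or data[i + j] == b for j, b in enumerate(pat)):
            return i + add_offset
    return -1


def resolve_call(data: bytes, offset: int, base: int) -> int:
    """Decode 'E8 rel32' at offset: target = address of next instruction + rel32."""
    if offset < 0 or offset + 5 > len(data) or data[offset] != 0xE8:
        raise ValueError("no E8 rel32 call at this offset")
    (rel32,) = struct.unpack_from("<i", data, offset + 1)  # signed, little-endian
    # Masked to 32 bits because the listing above is 32-bit code.
    return (base + offset + 5 + rel32) & 0xFFFFFFFF


# Constructed sample: three padding bytes, then the bytes shown at
# .text:00428873 and .text:00428876 in the listing above.
SAMPLE_BASE = 0x428870
SAMPLE = bytes.fromhex("90 90 90 8D 4D F0 E8 05 4E FE FF 90")

if __name__ == "__main__":
    call_off = find_pattern(SAMPLE, "8D 4D F0 E8 ? ? ? ?", add_offset=3)
    print(hex(SAMPLE_BASE + call_off), "->", hex(resolve_call(SAMPLE, call_off, SAMPLE_BASE)))
```

Because the operand bytes are wildcarded, the signature keeps matching after a rebuild that moves the callee, while the decoded rel32 still yields the current target.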

Shellcode injection. Using nasm (the directory containing nasm.exe must be added to the PATH environment variable)

    # CheatEngine Tutorial x64. Step 7: Code Injection: (PW=013370)
    with ExtProcess.ctx_open('Tutorial-x86_64.exe') as t:
        m = t.get_module()
        code_decrement_health = 0x10002D4F7
        # alloc memory near 'code_decrement_health' for short relative jump!!!
        new_code = t.alloc(2048, code_decrement_health)
        t.virtual_protect(code_decrement_health, 7, PageFlags.PAGE_EXECUTE_READWRITE)
        t.write.bytes(code_decrement_health, nasm(f'''jmp {hex(new_code)}\nnop\nnop''', 64, hex(code_decrement_health)))
        t.write.bytes(new_code, nasm('''add dword [rsi+0x7E0], 0x2 ; +2 health instead -1
                                        jmp qword 0x10002D4FE''', 64, new_code))

Download files

Source Distribution

external_proc-0.1.2.tar.gz (16.8 kB view details)

Uploaded Source

Built Distributions

external_proc-0.1.2-cp312-cp312-win_amd64.whl (143.1 kB view details)

Uploaded CPython 3.12, Windows x86-64

external_proc-0.1.2-cp312-cp312-win32.whl (128.2 kB view details)

Uploaded CPython 3.12, Windows x86

external_proc-0.1.2-cp311-cp311-win_amd64.whl (141.8 kB view details)

Uploaded CPython 3.11, Windows x86-64

external_proc-0.1.2-cp311-cp311-win32.whl (127.2 kB view details)

Uploaded CPython 3.11, Windows x86

external_proc-0.1.2-cp310-cp310-win_amd64.whl (140.7 kB view details)

Uploaded CPython 3.10, Windows x86-64

external_proc-0.1.2-cp310-cp310-win32.whl (126.2 kB view details)

Uploaded CPython 3.10, Windows x86

external_proc-0.1.2-cp39-cp39-win_amd64.whl (148.8 kB view details)

Uploaded CPython 3.9, Windows x86-64

external_proc-0.1.2-cp39-cp39-win32.whl (126.3 kB view details)

Uploaded CPython 3.9, Windows x86

external_proc-0.1.2-cp38-cp38-win_amd64.whl (140.4 kB view details)

Uploaded CPython 3.8, Windows x86-64

external_proc-0.1.2-cp38-cp38-win32.whl (126.1 kB view details)

Uploaded CPython 3.8, Windows x86

File details

Details for the file external_proc-0.1.2.tar.gz.

File metadata

  • Download URL: external_proc-0.1.2.tar.gz
  • Upload date:
  • Size: 16.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for external_proc-0.1.2.tar.gz
Algorithm Hash digest
SHA256 2ef48368c2edbca395dfa072308f7da8207cb4b30e8628d7080f06110e432435
MD5 dcc82260256a767998fb5bf1b36027df
BLAKE2b-256 3cabaf91ce2e9b49e64eadc92b2c1f14d48308faec7cca4fcb0a56038441bbe9

Provenance

The following attestation bundles were made for external_proc-0.1.2.tar.gz:

Publisher: release.yml on mirusu400/external_proc

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
